[wp-trac] [WordPress Trac] #36033: 'kses_allowed_protocols' filter is not really filterable.
WordPress Trac
noreply at wordpress.org
Wed Mar 2 06:18:16 UTC 2016
#36033: 'kses_allowed_protocols' filter is not really filterable.
--------------------------+-----------------------------
Reporter: turtlepod | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Security | Version: 4.4.2
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+-----------------------------
Comment (by turtlepod):
Replying to [comment:1 SergeyBiryukov]:
> Previously brought up in comment:18:ticket:18268.
thanks for the link.
> This was done (in [31104]) for performance reasons, as running
`apply_filters()` on each `esc_url()` call would be a performance hit.
'''I don't think there's going to be any performance hit'''.
If you have the time, please explain further and maybe results in testing
(?). Did anyone actually test this?
I'm sure you already know that "apply_filters()" is already/also running
on every "esc_url()" call (?) so, removing it will improve the code ?
https://developer.wordpress.org/reference/functions/esc_url/ (line 3460)
{{{
/**
* Filter a string cleaned and escaped for output as a URL.
*
* @since 2.3.0
*
* @param string $good_protocol_url The cleaned URL to be returned.
* @param string $original_url The URL prior to cleaning.
* @param string $_context If 'display', replace ampersands
and single quotes only.
*/
return apply_filters( 'clean_url', $good_protocol_url, $original_url,
$_context );
}}}
> We can't remove the static variable entirely, but we could probably use
the approach from [31104]. If `esc_url()` was called before
`plugins_loaded`, it will not prevent plugins from filtering the value on
`plugins_loaded` or `init`. See [attachment:36033.patch].
Correct me if I'm wrong, but the only reason we use static so the filter
will only loaded once.
I would suggest to remove the static (?)
however using "did_action( 'wp_loaded' )" might solve this for most case.
(not sure how much performance gain for this workaround).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36033#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list